CVE-2026-23091

Summary

In the Linux kernel, the following vulnerability has been resolved:

intel_th: fix device leak on output open()

Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close().

Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < af4b9467296b9a16ebc008147238070236982b6daffected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < 64015cbf06e8bb75b81ae95b997e847b55280f7faffected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < b71e64ef7ff9443835d1333e3e80ab1e49e5209faffected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < bf7785434b5d05d940d936b78925080950bd54ddaffected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < 0fca16c5591534cc1fec8b6181277ee3a3d0f26caffected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < f9b059bda4276f2bb72cb98ec7875a747f042ea2affected
LinuxLinux39f4034693b7c7bd1fe4cb58c93259d600f55561 < 95fc36a234da24bbc5f476f8104a5a15f99ed3e3affected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.68 <= 6.12.*unaffected
LinuxLinux6.18.8 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References